Comments at end.
At 05:50 PM 1/13/00 -0500, Leandro Asnaghi-Nicastro wrote [in part]:
...
>The Linux box can connect to port 119 without any problems.
>Also, we just noticed (heh), that we can't surf. The site gets a
>"connected" but nothing loads. Of course we can ping it, and we
>also can surf the web from the Linux machine.
>
>> 2. Check for any ipchains rules that affect port 119, the nntp
>> port.
>
>None there. If you want, I can send you the rules we have set up
>for Ipchains, being there a total of three. I'll have my friend send
>them to me.
...
>I had my friend test everything. The only things that don't work are
>ICQ's option to send files (that probably easily fixable by telling ICQ
>that it is behind a firewall), news and web. Everything else, so far,
>works like a charm.
OK. Four thoughts ...
1. Please do send a copy of the ipchains rules. They are tricky things, and
just having another set of eyeballs on them might help.
2. ICQ is a known problem with Masq. I don't run it here so don't know the
fix, but I believe there's info about it on oner of the LRP (Linux Router
Project) sites. Look for a link at http://lrp.c0wz.com .
3. Is there any possibility that the ISP is interfering somehow, perhaps by
inserting a proxy server into the line? I don't offhand know if sending
Masq'd packets to a proxy server introduces any problems; does anyone?
4. Your masq'd host might be identifying itself with a FQDN that fails a
reverse-lookup check. Are you able to ftp? This does require a special
masq'ing module. I ask because it is another service that typically
authenticates the source of a requeest (as do http and nntp, often). Also,
can you send e-mail through the Linux router (without using a MTA on it as
smart relay)?
------------------------------------"Never tell me the odds!"---
Ray Olszewski -- Han Solo
Palo Alto, CA [EMAIL PROTECTED]
----------------------------------------------------------------
